Unable to resolve FQDNs inside LAN

Started by braveheart_7, January 21, 2025, 11:57:54 PM

January 21, 2025, 11:57:54 PM Last Edit: January 22, 2025, 02:59:18 AM by braveheart_7
Hi Experts,

Newbie here. Any help is much appreciated. I am unable to resolve FQDNs inside my LAN. In this example, I'm trying to ping truenas.home.arpa from my PC, which fails.

---Config---
Name: opnsense.home.arpa
Version: OPNsense 24.7.11_2-amd64
Router IP: 10.10.7.1/24
Unbound is enabled
Unbound DNS: DNS over TLS: 9.9.9.9

Win10 PC: Dynamic DHCP

truenas.home.arpa: 10.10.7.7
-------------


Successfully flushed the DNS Resolver Cache.

C:\Users\xxxx>ping 10.10.7.7

Pinging 10.10.7.7 with 32 bytes of data:
Reply from 10.10.7.7: bytes=32 time<1ms TTL=64
Reply from 10.10.7.7: bytes=32 time<1ms TTL=64
Reply from 10.10.7.7: bytes=32 time<1ms TTL=64
Reply from 10.10.7.7: bytes=32 time<1ms TTL=64

Ping statistics for 10.10.7.7:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\xxxx>ping -a 10.10.7.7

Pinging TRUENAS [10.10.7.7] with 32 bytes of data:
Reply from 10.10.7.7: bytes=32 time<1ms TTL=64
Reply from 10.10.7.7: bytes=32 time<1ms TTL=64
Reply from 10.10.7.7: bytes=32 time<1ms TTL=64
Reply from 10.10.7.7: bytes=32 time<1ms TTL=64

Ping statistics for 10.10.7.7:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\xxxx>ping truenas.home.arpa
Ping request could not find host truenas.home.arpa. Please check the name and try again.

C:\Users\xxxx>ping dns.quad9.net

Pinging dns.quad9.net [9.9.9.9] with 32 bytes of data:
Reply from 9.9.9.9: bytes=32 time=43ms TTL=50
Reply from 9.9.9.9: bytes=32 time=42ms TTL=50
Reply from 9.9.9.9: bytes=32 time=50ms TTL=50
Reply from 9.9.9.9: bytes=32 time=43ms TTL=50

Ping statistics for 9.9.9.9:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 50ms, Average = 44ms


C:\Users\xxxx>nslookup 10.10.7.7
Server:  opnsense.home.arpa
Address:  10.10.7.1

*** opnsense.home.arpa can't find 10.10.7.7: Non-existent domain

C:\Users\xxxx>nslookup truenas
Server:  opnsense.home.arpa
Address:  10.10.7.1

*** opnsense.home.arpa can't find truenas: Non-existent domain

C:\Users\xxxx>nslookup truenas.home.arpa
Server:  opnsense.home.arpa
Address:  10.10.7.1

*** opnsense.home.arpa can't find truenas.home.arpa: Non-existent domain

January 22, 2025, 09:35:54 AM #1 Last Edit: January 22, 2025, 09:40:41 AM by meyergru
If DNS does not work, you have to answer three simple questions:

1. Who do you ask? You did not show this, because there are (at least) two ways in which OPNsense can distribute DNS servers via DHCP: a. itself (i.e. Unbound) or b. the upstream servers (which do not know about your internal DNS). This is influenced in two places: a. "Services: ISC DHCPv4", where you can set specific DNS servers, b. under "System: Settings: General", where there are DNS settings.

2. What do you ask for? You did not show this completely, because you can distribute "search domains" via DHCP. That way, you could distribute "home.arpa" as a search domain and just ask for "truenas" instead of "truenas.home.arpa".

3. What does the DNS server know? You did not show this, because there are several ways in which the association of "truenas.home.arpa" could have been provided to Unbound: a. via a DNS override in Unbound, b. via a DHCP dynamic lease or c. via a DHCP static reservation. Some of this is influenced by checkboxes in Unbound under "Services: Unbound DNS: General"; static reservations also need an Unbound restart after creating them.

You can look at "ipconfig /all" on your Windows PC to answer the first two questions. And you can ask Unbound directly via "nslookup truenas.home.arpa <ip-of-your-opnsense>" to answer the third question.

From the last outputs, one can see that obviously, it was your OPNsense that was being asked and it does not know about the name, so your problem seems to be the third question.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
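
The three questions from the reply above, as an added example that is not part of the thread: Python that reads `ipconfig /all` and `nslookup` output and reports which question fails. The `ipconfig` text is constructed (the PC address 10.10.7.50 is an assumption), the `nslookup` text is taken from the first post, and the names `field` and `triage` are hypothetical.

```python
import re

# Constructed sample: trimmed `ipconfig /all` output for the setup in the first post.
IPCONFIG = """\
   DNS Suffix Search List. . . . . . : home.arpa

Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : home.arpa
   IPv4 Address. . . . . . . . . . . : 10.10.7.50(Preferred)
   DNS Servers . . . . . . . . . . . : 10.10.7.1
"""
# nslookup output as shown in the first post.
NSLOOKUP = ("Server:  opnsense.home.arpa\nAddress:  10.10.7.1\n\n"
            "*** opnsense.home.arpa can't find truenas.home.arpa: Non-existent domain\n")

def field(text, label):
    """Values of one ipconfig field, including indented continuation lines."""
    values, collecting = [], False
    for line in text.splitlines():
        m = re.match(r"\s+(.+?)[\s.]*: (.*)$", line)
        if m:
            collecting = m.group(1) == label
            line = m.group(2)
        if collecting and line.strip():
            values.append(line.strip())
        elif not m:
            collecting = False
    return values

def triage(ipconfig, nslookup, name, resolver_ip):
    """Answer the three questions; return one finding per failed check."""
    findings = []
    servers = field(ipconfig, "DNS Servers")
    suffixes = field(ipconfig, "DNS Suffix Search List")
    # 1. Who do you ask? Upstream servers do not know internal names.
    if not servers or any(s != resolver_ip for s in servers):
        findings.append("q1: client asks servers other than the local resolver")
    # 2. What do you ask for? A short name needs its domain in the search list.
    domain = name.partition(".")[2]
    if domain not in suffixes:
        findings.append("q2: '%s' is not a search suffix, only the FQDN can work" % domain)
    # 3. What does the server know? NXDOMAIN from the resolver itself means no record.
    asked = re.search(r"^Address:\s+(\S+)", nslookup, re.M)
    if asked and asked.group(1) == resolver_ip and "Non-existent domain" in nslookup:
        findings.append("q3: resolver has no record for " + name)
    return findings

print(triage(IPCONFIG, NSLOOKUP, "truenas.home.arpa", "10.10.7.1"))
```

On the output from the first post only the third check fires, which matches the conclusion in the reply.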